Police arrest alleged hacker behind GoGet data breach

A 37-year-old man from the Illawarra region in NSW has been charged for allegedly hacking into the database of Australian car sharing start-up, GoGet.

GoGet emailed current and former members on 31 January notifying them of an incident that involved unauthorised activity on its systems, and that customer data had been compromised as a result of the hack.

“On 27 June 2017, GoGet’s IT team identified suspected unauthorised activity on its system and a full internal investigation was immediately commenced,” the company said. “GoGet quickly reported the incident to the NSW Police’s Cybercrime Squad and has since worked closely with NSW Police which has culminated in the arrest of a suspect – an unusual and welcome outcome in a case like this.

“Although the investigation by NSW Police is ongoing, it appears that the suspect was accessing GoGet’s systems in an attempt to use GoGet vehicles without permission.

“In the process, as part of his overall activity on the system, it also appears that the suspect has accessed personal information of GoGet’s members and individuals who have previously attempted to create a GoGet account,” the company said.

GoGet stressed that payment card details that may have been provided by customer were not affected by the incident.

“Also, based on advice from the NSW Police Cybercrime Squad, at this time there is no evidence of misuse of, or that the suspect has disseminated any of, your personal information,” GoGet said.

The NSW Police said on 31 January that detectives from the Cybercrime Squad have since charged a 37-year-old man from Illawarra, on the NSW South Coast, who “allegedly gained unauthorised access to a company’s database and stole cars”.

The man, who has been refused bail, is set to appear at Wollongong Local Court on 31 January. The man has been charged with two counts of unauthorised access, modification, or impairment with intent to commit serious indictable offence; and 33 counts of take and drive conveyance without consent of owner.

The Police said that detectives from the State Crime Command’s Cybercrime Squad established Strike Force Artsy to investigate unauthorised access to the administrative section of GoGet’s website in July last year.

Investigators subsequently identified that unauthorised access was gained into the company’s fleet booking system and customer identification information from the database was downloaded.

Police will allege in court that the information obtained by the suspected hacker was used to access vehicles without consent on more than 30 occasions between May and July 2017.

Strike Force Artsy detectives, assisted by the Public Order and Riot Squad, executed a search warrant at a home at Penrose on 30 January 2018.

According to Cybercrime Squad Commander, Detective Superintendent Arthur Katsogiannis, the investigation is continuing.

“At this stage, it doesn’t appear that any information, which included customer details and a small number of payment card details, has been used fraudulently or further disseminated, but our inquiries are ongoing,” Katsogiannis said.

GoGet has set up a dedicated webpage to provide further information about the incident and subsequent data breach.

Slideshows

ARN Exchange: Channel discusses security spending priorities

Customers spending priorities, drawing up a security strategy for customers and partners, detailing how partners can increase profit through security and outlining key areas of market growth ahead were some of the topics discussed at the ARN Exchange event in Sydney. Partners got together to talk about the spending priorities of customers within the security market today and the skills required from partners to deliver those services. The event was in association with Juniper Networks, Webroot, Cloud Plus and Mimecast. Photos by Christine Wong.

What are the spending priorities of customers within the security market today and what are the skills required from partners to deliver those services? An overview of the security market in Australia was debated in the ARN Exchange event in Melbourne with discussions covering the customers spending priorities, drawing up a security strategy for customers and partners, detailing how partners can increase profit through security and outlining key areas of market growth ahead. The event was in association with Juniper Networks, Webroot, Cloud Plus and Mimecast. Photos by Raymond Korn.

The channel came together for the forth running of the ARN Emerging Leaders Forum in Australia, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry.
Hosted as a half day forum, attendees heard from industry specialists as keynoters and panellists discussed leadership paths and career choices. Hall of Fame members and industry mentors​ hosted small groups of future leaders to mentor and advise.
This also marked ARN's inaugural 30 Under 30 Tech Awards, which recognised young talent in the Australian IT industry across technical, sales, marketing, management, human resources and entrepreneur categories.
Photos by Christine Wong.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.